There are six (6) implementable clauses within ISO 9001:2015 Quality Management System Standard.
Within this series of posts over the next six weeks we will discuss the requirements to all six clauses and the correct interpretation thereof.
8.4 Externally Provided Processes, Products & Services
This requirement is comparable to the requirement from ISO 9001:2008 Clauses 7.4.1 – Purchasing Process and Clause 7.4.3 – Verification of Purchased Product. You should seek and record evidence that your organization has retained documented information that records not only the criteria by which suppliers were selected, but also the results of the selection activities, and the results from the monitoring of their performance.
8.4.2 Type and Extent of Control
This requirement is comparable to the requirements from ISO 9001:2008 Clauses 7.4.1 – Purchasing Process and Clause 7.4.3 – Verification of Purchased Product. You should seek and record evidence you’re your organization has ensured that the supplied product or service meets the specified requirements. Confirm that your organization has established and implement a process of inspection to ensure that purchased products conform to:
1. Purchase orders;
2. Delivery notes;
3. Product specifications;
4. National or international standards.
8.4.3 Information for External Providers
This requirement is again comparable to the requirements from ISO 9001:2008 Clause 7.4.2 – Purchasing Information. You should seek and record evidence that your organization has, where appropriate, communicated not just the products or services they wish to receive, but also any processes they want the external provider to undertake on their behalf, as well as any interactions with your organization’s QMS. You should also check that the requirement for competency of external personnel is communicated.
8.5 Production and service provision
8.5.1 Control of Production and Service Provision
This requirement is comparable to the requirements from ISO 9001:2008 Clause 7.5.1 – Control of Production and Service Provision and Clause 7.5.2 Validation of Processes from Production and Service Provision. You should seek and record evidence that your organization has controlled the conditions by which products or services are provided, ensuring that:
1. Documented information that defines the characteristics of the product or service is available;
2. Documented information that defines the activities that need to be performed to produce the product or deliver the service is available, and that this specifies the results that are to be achieved;
3. Monitoring and measurement takes place at appropriate points in the production process to ensure that both the processes themselves and the process outputs meet the organization’s acceptance criteria;
4. The process environment and infrastructure are suitable;
5. Suitable monitoring and measurement resources are made available;
6. Personnel are competent and, where necessary, appropriately qualified;
7. For processes where the results cannot be verified by subsequent monitoring or measurement,
8. The process itself is initially validated and then periodically re-evaluated;
9. Product and service release, delivery and post-delivery activities are implemented.
8.5.2 Identification and Traceability
This requirement is comparable to the requirements from ISO 9001:2008 Clause 7.5.3 – Identification and traceability. You should seek and record evidence that product is identified (as appropriate) and its status with regards to monitoring and measuring (conforming or not) is identified throughout the manufacturing processes. Where traceability is a requirement, you should expect to see that your organization is controlling and recording the unique identification of the product.
8.5.3 Property Belonging to Customers or External Providers
This requirement is comparable to the requirements from ISO 9001:2008 Clause 7.5.4 – Customer Property but it has now been expanded to cover property belonging to external providers that your organization intends to incorporate into its own products and services. You should seek and record evidence that your organization has extended their treatment of customer property to include that of external providers.
Check that your organization communicates with its customers in regard to the handling and treatment of their property. You should also check that contingency plans and, where relevant, actions are undertaken when non-conformities occur with customer property. Good sources of information often include the following examples:
1. Goods returned by the customer;
2. Warranty claims;
3. Revised invoices;
4. Credit notes;
5. Articles in the media;
6. Consumer websites;
7. Direct observation of, or communication with, the customer.
This is a new requirement. The auditor will expect to see that adequate measures are taken to protect/preserve the product during internal processing and delivery to the intended destination. The preservation process must include the following: Preservation, packaging and other product specific handling methods are likely to an output of the product design process.
1. Identification – this is relative to Identification and Traceability however for preservation of product it is a requirement and not ‘as applicable’. The auditor will expect to see that all products are clearly identified;
2. Handling – the auditor will verify that suitable handling methods are implemented throughout the processes. This may include bulk handing using moving equipment or physical contact where handling may influence product conformity;
3. Packaging – the auditor will expect to see that methods have been established for packaging the product to preserve its integrity;
4. Storage – the auditor will expect to see that product is stored in a manner to safe guard product;
5. Protection – the auditor will verify that appropriate measures are in place to protect product. This will vary depending on the product.
8.5.5 Post-delivery Activities
This is a new requirement. Your organization must meet requirements for post-delivery activities associated with the products and services. In determining the extent of post-delivery activities that are required, the organization shall consider:
1. Statutory and regulatory requirements;
2. The potential undesired consequences associated with its products and services;
3. The nature, use and intended lifetime of its products and services;
4. Customer requirements;
5. Customer feedback.
Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and supplementary services such as recycling or final disposal.
8.5.6 Control of Changes
This is a new requirement for the organization to implement a process for responding to unplanned changes that are considered essential in order to ensure that products or services continue to meet their specified requirements, in such a way that conformity with requirements is maintained. Changes should be documented and information retained about the changes, including who authorized the change and the actions arising from the change.
You seek objective evidence that your organization has implemented a process to control unplanned changes in accordance with the requirements set out above.
Join our mailing list to receive upcoming posts: https://www.isoqar.co.za/